Vulnerabilities > Phpwcms

DATE CVE VULNERABILITY TITLE RISK
2007-02-15 CVE-2006-7019 Remote Security vulnerability in phpwcms
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.
network
low complexity
phpwcms
7.5
2006-12-31 CVE-2006-6886 Information Exposure vulnerability in PHPwcms 1.2.5Dev
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
network
low complexity
phpwcms CWE-200
5.0
2006-05-22 CVE-2006-2519 Local File Include vulnerability in PHPwcms 1.2.5Dev
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via ..
network
high complexity
phpwcms
2.6
2006-05-22 CVE-2006-2518 Cross-Site Scripting vulnerability in PHPwcms 1.2.5Dev
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.
network
high complexity
phpwcms
2.6
2005-11-24 CVE-2005-3790 Cross-Site Scripting vulnerability in PHPWCMS
Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
network
phpwcms
4.3
2005-11-24 CVE-2005-3789 Unspecified vulnerability in PHPwcms 1.2.5Dev
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a ..
network
low complexity
phpwcms
5.0